On Wed, Oct 19, 2016 at 10:17:21AM +0800, Michal Privoznik wrote:
> On 18.10.2016 14:59, zhunxun@xxxxxxxxx wrote:
> > Now I want to add some args about TPM to the domain's XML, so I can start a domain by virt-manager or other virsh command, and then I would like to use sVirt security context to label vTPM and the corresponding VM, but I do not know how to get these XML args in libvirt.
> > the key problem is that how can I get and recognize these args!!!
> > related XML content :
>
> Usually, grepping the code for cmd name <-> XML element/attribute
> translation is sufficient (esp. if you grep tests/)
>
> > <qemu:commandline>
> > <qemu:arg value='-enable-kvm'/>
>
> Firstly, this is obsolete in favour of "-machine accel=kvm". In any
> case, <domain type='kvm'/> will do the trick (libvirt will use whatever
> is supported by qemu binary in your system).
>
> > <qemu:arg value='-drive'/>
> > <qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
>
> Okay, this is not supported by libvirt yet. We don't really have a way
> how to specify NVRAM in anything other than a raw file. BTW: isn't qcow
> too big gun for NVRAM? I mean, NVRAM has a fixed size of what ~190 KB?
> QCOW header is about the same size.
>
> > <qemu:arg value='-device'/>
> > <qemu:arg value='tpm-tis,tpmdev=tpm-tpm0,id=tpm0'/>
> > <qemu:arg value='-tpmdev'/>
> > <qemu:arg value='libtpms,id=tpm-tpm0,nvram=nvram0-0-0,startup=clear'/>
>
> I'm not sure there's a way how to put startup=clean on the cmd line. I'm
> not even sure what it does.
> And I have no idea what libtpms is either :-)
>
> > <qemu:arg value='-bios'/>
> > <qemu:arg value='/root/xenSeabios/out/bios.bin'/>
> > </qemu:commandline>

On top of all that - QEMU is likely to fail to start since libvirt by default runs it as qemu:qemu user/group, and so it won't have permission to read any of the files in /root. If you have selinux/apparmor that will also block permission.

This is an example of why usage of qemu:commandline is discouraged - it will always have problems with permissions if you pass files using it.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
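
An added example, not part of the thread or of libvirt's code: a Python check that pulls host file paths out of the <qemu:arg> values in a domain XML and reports the first path component an unprivileged account (such as the qemu:qemu user mentioned above) cannot get past. The sample XML is constructed from two of the arguments quoted in the thread; the function names are hypothetical, and only classic mode bits are evaluated, not ACLs or SELinux/AppArmor policy.

```python
import os
import stat
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"  # namespace of <qemu:commandline>

# Constructed sample: a cut-down domain using two of the file arguments quoted above.
SAMPLE_XML = """
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <qemu:commandline>
    <qemu:arg value='-drive'/>
    <qemu:arg value='file=/root/nvram_2.0-jin.qcow2,if=none,id=nvram0-0-0,format=qcow2'/>
    <qemu:arg value='-bios'/>
    <qemu:arg value='/root/xenSeabios/out/bios.bin'/>
  </qemu:commandline>
</domain>
"""

def passthrough_paths(domain_xml):
    """Absolute host paths found in <qemu:arg value='...'/> elements."""
    paths = []
    for arg in ET.fromstring(domain_xml).iter("{%s}arg" % QEMU_NS):
        # A value is a bare path or a comma-separated list of key=value fields.
        for field in arg.get("value", "").split(","):
            candidate = field.split("=", 1)[-1]
            if candidate.startswith("/"):
                paths.append(candidate)
    return paths

def first_denied(path, uid, gids, stat_fn=os.stat):
    """First component a non-root uid cannot search/read, or None (mode bits only)."""
    path = os.path.normpath(path)
    prefixes = ["/"]
    for part in path.strip("/").split("/"):
        prefixes.append(os.path.join(prefixes[-1], part))
    for prefix in prefixes:
        st = stat_fn(prefix)
        need = stat.S_IROTH if prefix == path else stat.S_IXOTH  # read file, search dirs
        if st.st_uid == uid:
            need <<= 6  # owner bits apply
        elif st.st_gid in gids:
            need <<= 3  # group bits apply
        if not st.st_mode & need:
            return prefix
    return None

if __name__ == "__main__":
    print(passthrough_paths(SAMPLE_XML))
```

On a real host, pass the uid and gid set of the account libvirt runs QEMU as to first_denied() for each extracted path; a non-None result names the directory or file whose permissions stop the guest from starting.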